How to exploit 7-zip's privilege escalation vulnerability (CVE-2022-29072)

Рет қаралды 7,592

2 жыл бұрын

In this video, I show you have easy it is for an attacker to exploit the 7-zip vulnerability. This vulnerability requires an attacker connect to your system already, but has a limited account. This exploit allows the attacker to gain administrator level access by abusing the weakness in 7-zip.
Mitigations
Option 1: If 7-zip does not update, deleting the 7-zip.chm file will be sufficient to stop the vulnerability.
Option 2: Uninstall it and wait for the vendor to release an updated version that addresses this problem.
#pentesting #infosec #lockardsecurity #cve-2022-29072 #exploit #ethicalhacking #ceh #oscp #7-zip #hacking #privilegeescalation #redteam #purpleteam #blueteam #cybersecurity

Пікірлер: 29

@dyonramselaar 2 жыл бұрын

The presumably real exploit would give you "NT AUTHORITY\SYSTEM" as the output (the highest possible privilege) when you run 'whoami'. This video does not demonstrate any exploit exploit. You didn't even escalate your privileges by a little. Try running 'mkdir a' after the command prompt or PowerShell window opens. You get "permission denied" because it runs as your own user without administrator rights. You only just used Active X to run Javascript that executes cmd.exe.

@nicklockard3912 2 жыл бұрын

The user account has admin rights, I wasn't aware this exploit was supposed to pop a shell with NT AUTHORITY\SYSTEM. That is good to know, sounds like its back to the drawling board and redo the video, thanks for the comment!

@nomorefood 2 жыл бұрын

Are you intentionally spreading cybersecurity misinformation? The only reason this launches in C:\Windows\System32 is because that's the default working directory for 7-Zip.

@nicklockard3912 2 жыл бұрын

@alexyemm 2 жыл бұрын

You have not escalated your privilege, the directory you start in is irrelevant. You could have achieved the same thing by hitting Start > CMD. Boo.

@nicklockard3912 2 жыл бұрын

@zigafide 2 жыл бұрын

I am 99% sure that if it was actually admin, it would say "Administrator" in the title bar of the CMD. The working directory means nothing.

@nicklockard3912 2 жыл бұрын

@SuperBruzzel 2 жыл бұрын

it really shows, that you dont know what youre doing ;)

@nicklockard3912 2 жыл бұрын

@annwang5530 2 жыл бұрын

Epic dude. Very handy html

@lunaticraj4417 Жыл бұрын

Hi sir I need a little help can you help me please

@SeattleUECE 2 жыл бұрын

I have not found this video to be accurate. I've not found 7zip to gain administrator privileges.

@nicklockard3912 2 жыл бұрын

@Marckillius 2 жыл бұрын

Did you even try to validate elevated privileges when you did this? This is completely wrong, nothing about this is even close to correct.

@nicklockard3912 2 жыл бұрын

@matthewstork2245 2 жыл бұрын

So 2 things: 1. Your HTML is technically broken. You need to close head and html. 2. Following your example exactly, I don't have elevated rights. Just try running a command that requires elevated rights, like "mkdir Something" and you will receive an access denied message. If you do not, turn UAC back on.

@nicklockard3912 2 жыл бұрын

@AntonioAmenta-df7tu 3 ай бұрын

Bel video

@abrahamfoam7376 2 жыл бұрын

This did not elevate any permissions on a hardened machine. Also the execution was blocked. This is not a hack or an exploit, just running a cmd by let's say another process which is like duuuuh.

@nicklockard3912 2 жыл бұрын

@abrahamfoam7376 2 жыл бұрын

@@nicklockard3912 well, if you dig hard enough you sure will find a scary exploit, but I'm not sure if this one will get you anywhere I can be wrong though 😉 .